Legal

Privacy Policy

How Synaptic AI Ltd collects, uses, stores, and protects your personal data.

Version 1.0 | Effective date: 5 January 2026 | Next review: 5 January 2027

1. Introduction

This Privacy Policy explains how Synaptic AI Ltd collects, uses, stores, and shares personal data about clients, prospective clients, website visitors, associates, and other business contacts. It applies to all personal data we hold as a data controller under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We aim to be straightforward about what we do with your information. If anything in this policy is unclear, please contact us using the details in section 12.

2. Who we are

Synaptic AI Ltd is an AI strategy advisory firm providing fixed-scope advisory services to UK enterprise and upper mid-market organisations. We are the controller responsible for the personal data described in this policy, unless we are acting as a processor on behalf of a client, in which case the client is the controller and their privacy information will apply to that data.

  • Company name: Synaptic AI Ltd
  • Company number: 16932274 (registered in England and Wales)
  • Registered office: 14 Broadnook Close, Leicester, LE3 9SF
  • Website: www.synapticgroup.ai
  • Contact: bob@synapticgroup.ai

3. The personal data we collect

We collect and process the following categories of personal data. We do not process special category data as a matter of course, and we do not knowingly process data about children.

  • Client contacts. Name, job title, business email address, business telephone number, business postal address, and correspondence with you. For client engagements we may also receive personal data that forms part of the deliverable.
  • Prospective client contacts. Name, job title, organisation, business email address, business telephone number, LinkedIn profile information, and notes from meetings or calls. We collect this information from public sources such as LinkedIn, from referrals, and from networking.
  • Associates and subcontractors. Name, personal email address, personal telephone number, business address, bank details for payment, and National Insurance number where required for tax reporting.
  • Website visitors. synapticgroup.ai is a static website hosted on GitHub Pages with Cloudflare providing content delivery, DNS, and security services. These providers may collect basic technical data (for example, IP address, device type, browser type, pages visited) for the purposes of running the website securely. Where you submit an enquiry form, this is handled by HubSpot, and where you book a session, this is handled by Calendly.
  • Business contacts and correspondence. Email correspondence, meeting notes, diary entries, and any information shared with us in the course of a business relationship.

4. How we use personal data and our lawful basis

We process personal data only where we have a lawful basis under Article 6 of the UK GDPR. The main bases we rely on are:

  • Contract. To enter into or perform a contract with you, including delivering client engagements, paying associates, and administering our business relationships.
  • Legitimate interests. For business development, prospecting, client relationship management, service improvement, and protecting our systems, where those interests are not overridden by your rights.
  • Legal obligation. To comply with UK law, including tax, accounting, anti-money laundering, and company law requirements.
  • Consent. For optional marketing communications, which you can withdraw at any time.

5. Who we share personal data with

We share personal data only where necessary and with appropriate safeguards in place. The main recipients are our sub-processors and service providers (including providers of email, document storage, customer relationship management, AI tooling, accountancy, banking, and insurance services), professional advisers, regulators and public authorities where required by law (including HMRC, Companies House, and the Information Commissioner's Office), and clients where we process personal data on their behalf.

We do not sell personal data, and we do not share personal data for the marketing purposes of other organisations. A current list of sub-processors is available on request.

6. International transfers

Some of our service providers are based outside the United Kingdom. Where this is the case, we rely on appropriate safeguards recognised under UK data protection law, including UK adequacy decisions (for example for countries within the European Economic Area), the UK International Data Transfer Agreement (IDTA), or the UK Addendum to the EU Standard Contractual Clauses. Our main current transfers outside the UK are to US-based service providers such as Anthropic, HubSpot, Calendly, Cloudflare, and GitHub.

7. How long we keep personal data

We keep personal data only as long as we need it for the purpose for which it was collected, to meet legal or contractual obligations, or to protect our legal interests. Our main retention periods are:

  • Client engagement records and deliverables: 7 years from engagement completion.
  • Prospect contact data: 24 months from the last meaningful contact, or sooner on request.
  • Associate and subcontractor records: 7 years after the end of the engagement.
  • Financial and tax records: 7 years, in line with HMRC requirements.
  • Marketing data: until consent is withdrawn, then 12 months on a suppression list.
  • Website visitor and analytics data: 24 months.

8. How we keep personal data secure

We apply technical and organisational measures that are proportionate to the size and nature of our business, including multi-factor authentication on all business cloud services, encryption in transit (TLS) and at rest, full-disk encryption on the laptops and devices we use, a password manager for credential management, regular operating system and application updates, and single-user access. Cyber Essentials certification is in progress. A fuller description is set out in our Information Security Policy, available on request.

9. Your rights

You have the following rights in relation to the personal data we hold about you. Not all of these rights apply in every situation, and some are subject to conditions under UK GDPR:

  • The right of access to a copy of your personal data.
  • The right to rectification of inaccurate or incomplete data.
  • The right to erasure in certain circumstances.
  • The right to restriction of processing in certain circumstances.
  • The right to data portability in a structured, commonly used, machine-readable format.
  • The right to object to processing based on legitimate interests, including direct marketing.
  • Rights related to automated decision-making. Synaptic AI does not currently make any such decisions.
  • The right to withdraw consent at any time, where we rely on consent.

To exercise any of these rights, please contact us using the details in section 12. We will respond within one month of receiving a valid request. In complex or high-volume cases we may extend that period by up to two further months and will tell you if we do so.

10. Cookies and similar technologies

Our website may use essential cookies to make the site work, and, where you consent, analytics cookies to help us understand how the site is used. You can manage your cookie preferences at any time through your browser. Please see our Cookie Policy for more detail.

11. Changes to this policy

We may update this Privacy Policy from time to time. The version number and effective date at the top of this page show when it was last updated. If we make significant changes, we will update our website and, where appropriate, notify affected individuals directly.

12. How to contact us or complain

For any questions about this policy, or to exercise your rights, please contact:

  • Synaptic AI Ltd, 14 Broadnook Close, Leicester, LE3 9SF
  • Email: bob@synapticgroup.ai

You also have the right to complain to the UK Information Commissioner's Office (ICO) if you are unhappy with how we have handled your personal data:

  • Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
  • Helpline: 0303 123 1113
  • Website: www.ico.org.uk

We would, however, appreciate the opportunity to address any concerns before you approach the ICO, so please consider contacting us first.